Punch firewall holes for ISAKMP (udp port 500) and IPsec ESP.

Set system.foreground to 1 to force scripts to complete before starting console 
shell.

Signed-off-by: Philip Prindeville <phil...@redfish-solutions.com>
---
Index: target/linux/x86/geos/base-files/etc/uci-defaults/firewall
===================================================================
--- target/linux/x86/geos/base-files/etc/uci-defaults/firewall  (revision 0)
+++ target/linux/x86/geos/base-files/etc/uci-defaults/firewall  (revision 0)
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+uci batch <<__EOF__
+
+add firewall rule
+set firewall.@rule[-1].src=wan
+set firewall.@rule[-1].dest_port=123
+set firewall.@rule[-1].target=ACCEPT
+set firewall.@rule[-1].proto=udp
+
+add firewall rule
+set firewall.@rule[-1].src=wan
+set firewall.@rule[-1].dest=lan
+set firewall.@rule[-1].proto=esp
+set firewall.@rule[-1].target=ACCEPT
+
+add firewall rule
+set firewall.@rule[-1].src=wan
+set firewall.@rule[-1].dest=lan
+set firewall.@rule[-1].src_port=500
+set firewall.@rule[-1].dest_port=500
+set firewall.@rule[-1].proto=udp
+set firewall.@rule[-1].target=ACCEPT
+
+add firewall rule
+set firewall.@rule[-1].src=wan
+set firewall.@rule[-1].dest_port=22
+set firewall.@rule[-1].target=ACCEPT
+set firewall.@rule[-1].proto=tcp
+
+commit firewall
+__EOF__
+
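Review bot: The rules opening `dest_port=123` (udp) and `dest_port=22` (tcp) from `wan` are not mentioned in the commit message, which covers only ISAKMP and ESP, and the second of them exposes SSH on the WAN side by default. Either drop these two rules from this patch or document them in the message and justify them separately, ideally limiting the SSH rule to a known source. In the ISAKMP rule, `src_port=500` together with `dest_port=500` only matches peers whose source port is left untouched, so a peer behind a NAT that rewrites the source port will not match; matching on `dest_port=500` alone would avoid that. Also note that the ESP and ISAKMP rules set `dest=lan` while the other two set no `dest`, so the message should say whether the IPsec endpoint is meant to be a host on the LAN or the router itself.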
Index: target/linux/x86/geos/base-files/etc/uci-defaults/foreground
===================================================================
--- target/linux/x86/geos/base-files/etc/uci-defaults/foreground        
(revision 0)
+++ target/linux/x86/geos/base-files/etc/uci-defaults/foreground        
(revision 0)
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+uci set 'system.@system[0].foreground=1'
+
+uci commit system
+
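Review bot: The line `uci set 'system.@system[0].foreground=1'` has no comment saying why the option is set, so the rationale lives only in the commit message; add a one-line comment in the script saying that it forces the scripts to complete before the console shell starts. The script also runs `uci commit system` regardless of whether the `uci set` succeeded, so a missing `@system[0]` section would go unnoticed; chaining the two commands with `&&` would make the failure visible in the exit status.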
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
